CVE-2026-31236 · CRITICAL 9.8 · EPSS p39.3%

Description

The llm CLI tool through 0.27.1 contains a critical code injection vulnerability via its --functions command-line argument. This argument is intended to allow users to provide custom Python function definitions. However, the tool directly executes the provided code using the unsafe exec() function without any sanitization, sandboxing, or security restrictions. An attacker can exploit this by crafting a malicious llm command with arbitrary Python code in the --functions argument and using social engineering to trick a victim into running it. This leads to arbitrary code execution on the victim's system, potentially granting the attacker full control.

Scoring

CVSS 3.1: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.51% probability of exploitation · percentile 39.3% · 2026-06-18T12:00:27Z
Published: 2026-05-12
Last modified: 2026-05-14

Underlying weaknesses · 1

CWE-94

References

  1. https://github.com/simonw/llm
  2. https://www.notion.so/CVE-2026-31236-35d1e139318881a4a0f1fffcf671f7e3

| Type | Target | Confidence | Tier |
|------|--------|------------|------|
| Weakness | Improper Control of Generation of Code ('Code Injection') (cwe-94) | 0% | live |

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2026-42203
  2. CVE-2026-22807
  3. CVE-2026-27893
  4. CVE-2026-30617
  5. CVE-2026-46432
  6. CVE-2026-0768

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.